by cft 3996 days ago
This tsunami TCP SYN attack uses 1000-byte SYN packets, apparently. A good countermeasure for these would be rejection of all large SYN packets. Verisign DDoS protection services claim that they can withstand 2Tbps attacks of most types.

Unfortunately this would break TCP Fast Open, which transmits data with the initial SYN.
I can tell you that almost no one uses TCP Fast Open. It's a draft RFC that violates other RFCs. Google has given up on it in favor of QUIC. You should give up on it, too. It's not going to happen. It's a bad idea cooked up by ivory tower researchers who have never run a network.
Would a client that supports TCP Fast Open then fall back to the standard 3-way handshake once its SYNs timed out?
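The trade-off discussed in this thread (dropping large SYNs versus breaking TCP Fast Open) can be seen in a small classifier, added here as an example and not taken from any commenter or product. It assumes a policy of dropping initial SYNs that carry a payload unless the TCP Fast Open option (kind 34, RFC 7413) is present; the function names, verdict strings and sample segments are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10
OPT_EOL, OPT_NOP, OPT_TFO = 0, 1, 34   # 34 = TCP Fast Open option (RFC 7413)

def option_kinds(opts):
    """Walk the TCP options field and return the set of option kinds seen."""
    kinds, i = set(), 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        # Every other option is kind, length, value; length covers all three.
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        kinds.add(kind)
        i += opts[i + 1]
    return kinds

def classify_syn(segment, max_payload=0):
    """Verdict for a raw TCP segment (header + payload), hypothetical policy."""
    if len(segment) < 20:
        return "drop-malformed"
    hdr_len = (segment[12] >> 4) * 4          # data offset, in bytes
    flags = segment[13]
    if hdr_len < 20 or hdr_len > len(segment):
        return "drop-malformed"
    if not flags & SYN or flags & ACK:
        return "not-initial-syn"              # policy only covers bare SYNs
    if len(segment) - hdr_len <= max_payload:
        return "accept"
    try:
        kinds = option_kinds(segment[20:hdr_len])
    except ValueError:
        return "drop-malformed"
    # Presence of the option is all that is checked here; validating the
    # Fast Open cookie remains the job of the server's TCP stack.
    return "accept-tfo" if OPT_TFO in kinds else "drop-large-syn"

def build_segment(flags, options=b"", payload=b""):
    """Construct a sample segment (ports and sequence numbers are made up)."""
    options += b"\x01" * (-len(options) % 4)  # pad options to 32 bits with NOPs
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                         offset << 4, flags, 65535, 0, 0)
    return header + options + payload
```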